The WASC Statistics Project is the first attempt at an industry wide collection of application vulnerability statistics in order to identify the existence and proliferation of application security issues on enterprise websites. Anonymous data correlating vulnerability numbers and trends across organization size, industry vertical and geographic area are being collected and analyzed to identify the prevalence of threats facing today’s online businesses. Such empirical data aims to provide the first true statistics on application layer vulnerabilities.
Using the Web Security Threat Classification (http://www.webappsec.org/projects/threat/) as a baseline, data is currently being collected and contributed by more than a half dozen major security vendors with the list of contributors growing regularly.
We are actively seeking others to contribute data.
If you would like to be involved with the project, please contact Erik Caso (ecaso AT ntobjectives DOT com)